At the end of the course, students can:
- understand different failure modes in machine learning and explain types of compromises;
- explain currently known attacks (evasion attacks, poisoning, model inversion, membership inference) and associated defenses;
- carry out evasion and perturbation attacks in various types of neural networks and input domains;
- use machine learning and security techniques;
- evaluate privacy risks when deploying machine learning algorithms.
Machine learning has made significant advances and produced a broad spectrum of approaches used across diverse application domains. Its use also has negative side effects and brings new challenges.
Indeed, deploying machine learning in real-world systems requires complementary technologies to ensure that the system maintains its security and privacy goals.
Numerous works show how machine learning can fail under various attacks. This is not surprising, as machine learning is commonly not designed to be secure against threats such as poisoning attacks, backdoor attacks, model stealing, membership inference attacks and perturbation attacks.
What is more, modern systems are becoming increasingly complex, and they gather (and expose) increasing amounts of data. Such information can be extracted not only from the content itself but also from metadata. The privacy concerns stemming from the pervasiveness of online services and mobile devices have put privacy technologies in the spotlight.
This course treats the security and privacy aspects of machine learning, the types of compromises, and attack and defense techniques, with a focus on evasion and poisoning attacks. We cover various machine learning algorithms, including state-of-the-art methods.
The course includes practical lab assignments where students perform attacks on different machine learning algorithms and assess the defense mechanisms.
Final exam and lab/homework assignments.
In accordance with the Rules and Regulations, the grade for the written exam must be at least 5.0.